631 matches found
PT-2022-16998 · Unknown · Ember Znet Stack
Name of the Vulnerable Software and Affected Versions: Ember ZNet stack affected versions not specified Description: A malformed packet causes a stack overflow in the Ember ZNet stack, leading to an assert and a subsequent reset, which immediately clears the error. Recommendations: At the moment,...
Fedora: Security Advisory for php-wikimedia-assert (FEDORA-2022-ea159a2ec4)
The remote host is missing an update for the SPDX-FileCopyrightText: 2022 Greenbone AG Some text descriptions might be excerpted from a referenced sources, and are Copyright C by the respective right holders. SPDX-License-Identifier: GPL-2.0-only ifdescription...
CVE-2022-38150
In Varnish Cache 7.0.0, 7.0.1, 7.0.2, and 7.1.0, it is possible to cause the Varnish Server to assert and automatically restart through forged HTTP/1 backend responses. An attack uses a crafted reason phrase of the backend response status line. This is fixed in 7.0.3 and 7.1.1...
CVE-2022-38150
CVE-2022-38150 affects Varnish Cache 7.0.0–7.0.2 and 7.1.0. A crafted reason phrase in the backend response can cause the Varnish server to assert and automatically restart. The issue is mitigated by upgrading to Varnish 7.0.3 or 7.1.1, which include the fix. Several open-source advisories (openS...
CVE-2022-29228
A flaw was found in Envoy. The OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT in newer versions and corrupts memory on earlier versions...
Design/Logic Flaw
Envoy is a cloud-native high-performance proxy. In versions prior to 1.22.1 the OAuth filter would try to invoke the remaining filters in the chain after emitting a local response, which triggers an ASSERT in newer versions and corrupts memory on earlier versions. continueDecoding shouldn’t eve...
CVE-2021-46054
A Denial of Service vulnerability exists in Binaryen 104 due to an assertion abort in wasm::WasmBinaryBuilder::visitRethrowwasm::Rethrow...
PT-2021-8075 · Linux +2 · Linux Kernel +2
Name of the Vulnerable Software and Affected Versions: Linux kernel affected versions not specified Description: The vulnerability is related to the use of the get user pages unlocked call to handle mmap assert in the nitro enclaves component of the Linux kernel. After a specific commit, the call...
Can't claim last part of airdrop
Handle gpersoon Vulnerability details Impact Suppose you are eligible for the last part of your airdrop or your entire airdrop if you haven't claimed anything yet. Then you call the function claim of AirdropDistribution.sol, which has the following statement: "assertairdropmsg.sender.amount -...
exitTempusAMM can be made to fail
Handle cmichel Vulnerability details There's a griefing attack where an attacker can make any user transaction for TempusController.exitTempusAMM fail. In exitTempusAMM, the user exits their LP position and claims back yield and principal shares. The LP amounts to redeem are determined by the...
depositAndFix can be made to fail
Handle cmichel Vulnerability details There's a griefing attack where an attacker can make any user transaction for TempusController.depositAndFix fail. In depositAndFix, swapAmount many yield shares are swapped to principal where swapAmount is derived from the function arguments. A final...
MGASA-2021-0415 Updated exiv2 packages fix security vulnerabilities
The updated exiv2 packages fix security vulnerabilities: An assertion failure is triggered when Exiv2 is used to modify the metadata of a crafted image file. An attacker could potentially exploit the vulnerability to cause a denial of service, if they can trick the victim into running Exiv2 on a...
CVE-2021-1093
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of...
CVE-2021-1093
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of...
UBUNTU-CVE-2021-1093
NVIDIA GPU Display Driver for Windows and Linux contains a vulnerability in firmware where the driver contains an assert or similar statement that can be triggered by an attacker, which leads to an application exit or other behavior that is more severe than necessary, and may lead to denial of...
PT-2021-6692 · Nvidia +2 · Nvidia Gpu Display Driver +2
Name of the Vulnerable Software and Affected Versions: NVIDIA GPU Display Driver for Windows and Linux affected versions not specified Description: The issue is related to a vulnerability in the firmware of the NVIDIA GPU Display Driver, where an assert or similar statement can be triggered by an...
PT-2021-7714 · Libde265 +3 · Libde265 +3
Name of the Vulnerable Software and Affected Versions: libde265 version 1.0.8 Description: The issue is related to the insufficient use of the assert function in the sps.cc component of the libde265 h.265 video codec implementation. This can be exploited by a remote attacker using a specially...
ALPINE-CVE-2021-28687
HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of...
CVE-2021-28687
HVM soft-reset crashes toolstack libxl requires all data structures passed across its public interface to be initialized before use and disposed of afterwards by calling a specific set of functions. Many internal data structures also require this initialize / dispose discipline, but not all of...
CVE-2020-36382
OpenVPN Access Server 2.7.3 to 2.8.7 allows remote attackers to trigger an assert during the user authentication phase via incorrect authentication token data in an early phase of the user authentication resulting in a denial of service...